CVE-2014-9218

phpMyAdmin <4.0.10.7-4.2.13.1 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9218. PoCs published by Javer Nieto & Andres Rojas.

AI-analyzed exploit summary This exploit demonstrates a denial of service (DoS) vulnerability in phpMyAdmin by sending a long password parameter, causing resource consumption. The PoC uses a simple bash script to generate a payload and send multiple requests to the target server.

Description

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.

Exploits (1)

exploitdb WORKING POC

by Javer Nieto & Andres Rojas · textdosphp

https://www.exploit-db.com/exploits/35539

View Code ZIP pw:eip

This exploit demonstrates a denial of service (DoS) vulnerability in phpMyAdmin by sending a long password parameter, causing resource consumption. The PoC uses a simple bash script to generate a payload and send multiple requests to the target server.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1

No auth needed

Prerequisites: Access to the target phpMyAdmin installation

MITRE ATT&CK